IPv6 – DNS Part 2 (serving DNS over IPv6)

As I pointed out in the last IPv6 post, there are three parts of getting to “IPv6 DNS” and we only accomplished Step 1.

  1. The first is to get AAAA (quad-A) records into your DNS system. At that point clients can ask for the AAAA records over IPv4 and everything will work just fine.
  2. The second is for you to actually serve your DNS zones over IPv6.
  3. The third is to get hooked into the global IPv6 DNS system, so that others can resolve your IPv6 addresses.

Here we go with Part 2, to get our own Bind name server to listen (and answer) on IPv6 transport.

Depending on your particular version of Bind and Linux, you may already be ready to listen for queries on IPv6. Look in /etc/bind for the config file that contains the Bind options. In my version of Ubuntu, this is /etc/bind/named.conf.options.

All you need is the following directive:

listen-on-v6 { any; };

This tells Bind to listen on all IPv6 interfaces. There’s an implied “listen-on { any; };” which does the same for IPv4. In both cases, you can also use the “listen-on” and “listen-on-v6” directives to select specific interfaces or ports for Bind to listen on.

After changing the config file and restarting Bind, we can query DNS over IPv6 from the same computer:

server$ dig -6 +short @::1  www.thuktun.org aaaa         #::1 is the IPv6 loopback address
2001:470:67:88::10

Let’s try it from a client:

client$ dig -6 +short @2001:470:67:88::10 ipv6.thuktun.org aaaa       # that IPv6 address is the address of my DNS server
2001:470:67:88::10
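
What the two dig -6 queries above do on the wire, as an added Python example (not code from the original post): the AAAA record type is set inside the DNS message, while the IPv6 transport is chosen by the socket family. The function names and the SAMPLE reply are assumptions constructed for illustration.

```python
import ipaddress
import socket
import struct

AAAA, IN = 28, 1  # DNS record type and class codes

def build_query(name, txid=0x1234):
    """DNS header (RD set, one question) plus an AAAA/IN question."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", AAAA, IN)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer = 2 bytes, root label = 1

def parse_aaaa(msg):
    """Return the AAAA addresses in the answer section of a response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == AAAA and rdlen == 16:
            out.append(str(ipaddress.IPv6Address(msg[off:off + 16])))
        off += rdlen
    return out

def query_over_ipv6(server, name, timeout=3.0):
    """Ask `server` (an IPv6 address) over UDP/IPv6; socket.timeout if no reply."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_aaaa(s.recvfrom(4096)[0])

# Constructed sample reply (not a capture) with the AAAA record from the post.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
          + build_query("www.thuktun.org")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", AAAA, IN, 3600, 16)
          + ipaddress.IPv6Address("2001:470:67:88::10").packed)
```

Calling query_over_ipv6("::1", "www.thuktun.org") on the server mirrors the first dig command. The sketch does not check the transaction ID or the source of the reply, which a real client must do.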

And, we’re done with Step 2. But what happens if we don’t provide a specific DNS name server?

client$ dig -6 ipv6.thuktun.org aaaa
; <<>> DiG 9.6-ESV-R4-P3 <<>> -6 ipv6.thuktun.org aaaa
;; global options: +cmd
;; connection timed out; no servers could be reached

My DNS server is fine, BUT there’s something wrong when I query starting from the ROOT name servers. And that’s what we’ll look into next time.

  1. #1 by nomad on December 15, 2011 - 12:38 pm

    The named that comes with FBSD wants a slightly different version of the listen-on-v6 line:

    listen-on-v6 { any; };

    Note the ; inside the braces, as well as the closing one.
